Swedish ASIC miner company kncminer.com

[Phoenix1969]

The reset button resets both the ssh and gui passwords to origonal
Found out the "Hard way"...hehe

[1714184182]

1714184182

[1714184182]

1714184182

[1714184182]

1714184182

[sickpig]

I have a hypothetical question. If a 3rd party wants to rent a few days of hashtime on my Jupiter and I give him access including my password, if he changes the password without telling me is there any way to regain access without the new password or is the Juptier permanently hi-jacked?

hard reset should reset the passwords I believe.

hard reset just copy a bunch of pristine files placed in /config in various places, among them /config/shadow.factory
will be copied over /etc/shadow. that means that after an hard reset the pwd for root will be re-set to admin.

what if during the period of time u rent your miner that guy just change /config/shadow.factory?

anyway as long as u have physical access to the miner u could reflash your miner  using RecoveryFile (https://www.kncminer.com/userfiles/file/SD_image_0.96.1.zip) and everything will be under your control again.

[-Redacted-]

Set up a non-root user and allow him to log onto the box with that.  Restrict what can be executed via sudo.  

Why does the user need SSH access to the box anyway?  Give him web access, and move the web page that allows changing passwords out of the cgi-bin directory so it can't be accessed from the web interface until you put it back.

[xyzzy099]

I have a hypothetical question. If a 3rd party wants to rent a few days of hashtime on my Jupiter and I give him access including my password, if he changes the password without telling me is there any way to regain access without the new password or is the Juptier permanently hi-jacked?

hard reset should reset the passwords I believe.

hard reset just copy a bunch of pristine files placed in /config in various places, among them /config/shadow.factory
will be copied over /etc/shadow. that means that after an hard reset the pwd for root will be re-set to admin.

what if during the period of time u rent your miner that guy just change /config/shadow.factory?

anyway as long as u have physical access to the miner u could reflash your miner  using RecoveryFile (https://www.kncminer.com/userfiles/file/SD_image_0.96.1.zip) and everything will be under your control again.

If someone was REALLY malicious, they could possibly use those low-level i2c commands to actually do physical damage to the miner - like setting the PLLs to ridiculously high values, or whatever...  Maybe write a script that just blasts random values over I2C, and see if you can make something smoke

I can't imagine why anyone would want to do something like that - but it's still something to consider if you are giving root access to random people...

[Phoenix1969]

Set up a non-root user and allow him to log onto the box with that.  Restrict what can be executed via sudo.  

Why does the user need SSH access to the box anyway?  Give him web access, and move the web page that allows changing passwords to somewhere else so it can't be accessed from the web interface until you put it back.

I'm sure there's a way to remove the reset password fieldsin the gui... but can't tell you how, because I'm not a linux efficienado
maybe you can block the security page entirely...?

[-Redacted-]

cd /www/pages/cgi-bin
mv passwd.cgi  /

done...  It will produce a 404 error if they try to go to that selection.

To put it back
cd /www/pages/cgi-bin
mv /passwd.cgi  .


Might want to do the same with upgrade.cgi, too...

[dwdoc]

cd /www/pages/cgi-bin
mv passwd.cgi  /

done...  It will produce a 404 error if they try to go to that selection.

To put it back
cd /www/pages/cgi-bin
mv /passwd.cgi  .


Might want to do the same with upgrade.cgi, too...

Nice. 

[sickpig]

If someone was REALLY malicious, they could possibly use those low-level i2c commands to actually do physical damage to the miner - like setting the PLLs to ridiculously high values, or whatever...  Maybe write a script that just blasts random values over I2C, and see if you can make something smoke

I can't imagine why anyone would want to do something like that - but it's still something to consider if you are giving root access to random people...

yeah this could be done I suppose and it's nasty.

the best thing should do like -redacted- change web interface in such a way they could not gan control of the miner or just create a normal user and grant him  the right to do the minimum amount of things to let him mining (using sudo maybe)

[FiatKiller]

suck if the "renter" installed malicious firmware...  lol

[texaslabrat]

If someone was REALLY malicious, they could possibly use those low-level i2c commands to actually do physical damage to the miner - like setting the PLLs to ridiculously high values, or whatever...  Maybe write a script that just blasts random values over I2C, and see if you can make something smoke

I can't imagine why anyone would want to do something like that - but it's still something to consider if you are giving root access to random people...

yeah this could be done I suppose and it's nasty.

the best thing should do like -redacted- change web interface in such a way they could not gan control of the miner or just create a normal user and grant him  the right to do the minimum amount of things to let him mining (using sudo maybe)

I would set it up as a gimped version of the knc hosting model.  No ssh access, and strip out all the web interface pages except the login, status, and mining pages.  The only thing a 3rd party renter needs to be able to do is log on to the device, change pool settings, and restart the cgminer process.  Everything else they can submit a "support ticket" for....and some sort of SLA for response time can be written into the rental agreement.

[Biffa]

Those are good points I guess there is no way to give access to just the web interface and block ssh access.
If not I guess the renter would have to prepay enough to justify the risk.

As I said, the root password is not the same as the admin password, you can change the root password to be different to the admin (web login) password.

So change the root password and they can't ssh into the box, they can just use the web admin.

To change the root password from ssh just type passwd

Try it, change the root password, then logout of ssh and login again with the new root password.

You will notice that the web account still uses the old password.

If you want to change the web account password its: passwd admin

[Phoenix1969]

Here are some steps to streamline access to your miner through putty..
1. Open the putty session window, and input your I.P. normally in the hostname field, but DO NOT HIT ENTR.
    a. Instead, take your mouse pointer, highlight the saved sessions field(with a single left-click), and input your miner's I.P. again.
2. on the window/behavior tab to the left, un-check the "warn before exit" box.
3. on the connection/data tab, enter "root" to the auto-login username field.
4. on the SSH tab, enter "screen -r" into the "remote command" field.
5. back on the Session tab, at bottom of page, check the "close window on exit"....... "always"
6. now hit the SAVE button, and close putty
7. Go to your desktop & right-click for a context menu, and go to new/ shortcut.
8. input the location of putty for starting it. Use full file location to execute putty & input your miner's I.P. address as such...    
 C:\Users\Ewik\Desktop\putty.exe -load "123.123.123.4" -pw password
click next, input a name for your new shortcut, click finish.

Now, when you click on the shortcut, it will start putty with your miner's ip, and enter "root" for you, and enters your password, enters the "screen -r" for you, and jumps into cgminer window.
it all happens very fast then
click on shortcut... you're in!
BAM

[Phoenix1969]

Those are good points I guess there is no way to give access to just the web interface and block ssh access.
If not I guess the renter would have to prepay enough to justify the risk.

As I said, the root password is not the same as the admin password, you can change the root password to be different to the admin (web login) password.

So change the root password and they can't ssh into the box, they can just use the web admin.

To change the root password from ssh just type passwd

Try it, change the root password, then logout of ssh and login again with the new root password.

You will notice that the web account still uses the old password.

If you want to change the web account password its: passwd admin

when you change the password in the GUI, it changes BOTH the GUI AND the Root passwords. if they don't match, I imagine you loose gui control alltogether, don't you?

[ASIC-K]

just a bit of an update. my mercury is running at 134.4 ghs (from the pool) 141.6 (from cgminer) since .98 firmware. everything is running great except hw errors actually went up for me. its steady at 6.9% and rejected (duplicates mostly) is around 3%. could be worse i guess...

[xyzzy099]

Those are good points I guess there is no way to give access to just the web interface and block ssh access.
If not I guess the renter would have to prepay enough to justify the risk.

As I said, the root password is not the same as the admin password, you can change the root password to be different to the admin (web login) password.

So change the root password and they can't ssh into the box, they can just use the web admin.

To change the root password from ssh just type passwd

Try it, change the root password, then logout of ssh and login again with the new root password.

You will notice that the web account still uses the old password.

If you want to change the web account password its: passwd admin

I don't think that's actually true...  The lighttpd daemon has it's own password file and pays no attention to /etc/shadow for its authentication.

[bobsmoke]

Did someone noted or ir aware if KNC already upgraded the hosted boxes to 0.98?

[Elenelen]

Here are some steps to streamline access to your miner through putty..
1. Open the putty session window, and input your I.P. normally, but do not hit enter.
    a. Instead, take your mouse pointer, highlight the saved sessions field, and input your miner's I.P. again.
2. on the window/behavior tab to the left, un-check the warn before exit box.
3. on the connection/data tab, enter "root" to the auto-login username field.
4. on the ssh tab, enter "screen -r" into the remote command field.
5. back on the session tab, at bottom of page, check the close window on exit "always"
6. now hit the SAVE button, and close putty
7. Go to your desktop & right-click for a context menu, and go to new/ shortcut.
8. input the location of putty for starting it. Use full file location to execute putty & input your miner's I.P. address as such...    
 C:\Users\Ewik\Desktop\putty.exe -load "123.123.123.4"
click next, input a name for your new shortcut, click finish.

Now, when you click on the shortcut, it will start putty with your miner's ip, and enter "root" for you, and wait for a password. as soon as you enter your password, it does the "screen -r" for you, and jumps into cgminer window.
it all happens very fast then
click on shortcut, enterpass, you're in.
BAM

Thank you !!

[Holographic]

Did someone noted or ir aware if KNC already upgraded the hosted boxes to 0.98?

My hosted Jupiter jumped from ~490 GH/s to ~560 GH/s like 24 hours ago. I have previously seen similar changes, both negative and positive, around the time they release a new FW version. I think they pretty much upgrade all the hosted miners as soon as the new FW is ready, but I could be wrong.

[paranoidx]

I was getting 460-480 on eligius. .98 got me to 520-550! Woot! Good stuff.

[shmadz]

btw... of all the experimenting on the sats...70-79 seems to be the optimum temp
It takes about 1 and 1/2 hours to 2 hours to see the results on the graph, but looks to be a signifigant difference when you include several machines... about 40 gh/s for me... just by monitoring temps to 70-79 instead of letting them drop to 55-60 overnight. I use cardboard to block a bit of the airflow, and monitor the temps on the GUI, then watch for the results on the graph, and how high they peak over a couple hours. Well worth it for me.
When they said "Over-cooled", they weren't kidding!

I'm running naked case with a huge blower fan blowing across it and my temps are low 40's but the hashrate reported is only around 450. I turned the blower fan off and my hashrate jumped to 550 in fairly short order (less than half an hour I think, probably closer to 15 minutes) but when I noticed that the temps were going into the 70's I immediately turned the fan back on, and the hashrate promptly dropped back to 450.

Does anyone else know about the longevity concerns of running at 70+ degrees? Anyone else noticing similar results?

This is on 0.98 firmware btw.